XML External Entity Vulnerability in VMware vRealize Orchestrator
CVE-2023-20855
8.8HIGH
Key Information:
- Vendor
Vmware
- Vendor
- CVE Published:
- 22 February 2023
What is CVE-2023-20855?
VMware vRealize Orchestrator has an XML External Entity (XXE) vulnerability that allows a malicious individual with non-administrative access to exploit specially crafted XML input. This could lead to unauthorized access to sensitive information and potentially allow the attacker to escalate their privileges within the system.
Affected Version(s)
VMware vRealize Orchestrator, VMware vRealize Automation, VMware Cloud Foundation VMware vRealize Orchestrator 8.x